Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
An issue has appeared with an existing accordion menu on the website I work on after the site was moved to new servers. I discovered that the Accordion Panel Body textarea will not accept the phrase "select from" in the text entered there. Upon saving, we're directed to a page with a 500 Internal Server Error message. If the phrase is changed to "choose from", the menu saves successfully.
I suspect the phrase is being caught as an attempt at SQL injection. There's no column name or asterisk in-between those two words, so I wouldn't think it would be identified as harmful.
Comment | File | Size | Author |
---|---|---|---|
#5 | 500 error.png | 23.91 KB | lockek |
#5 | accordion_content.png | 43.28 KB | lockek |
Comments
Comment #2
Manuel Garcia CreditAttribution: Manuel Garcia as a volunteer commentedI dont think this issue is with views_accordion, perhaps https://www.drupal.org/project/panels_accordion ?
Comment #3
lockek CreditAttribution: lockek commentedManuel, thanks for responding. I don't see panels_accordion in our list of modules.
Comment #4
Manuel Garcia CreditAttribution: Manuel Garcia as a volunteer commentedViews accordion is just a views style plugin... so I'm not sure what you mean when you say:
Could you explain that a bit further? Perhaps a screenshot would help.
Comment #5
lockek CreditAttribution: lockek commentedMy apologies if this is the wrong module, as I'm fairly new to Drupal. Here are screen shots of sample input and what I see upon saving.
Comment #6
Manuel Garcia CreditAttribution: Manuel Garcia as a volunteer commentedNo worries lockek, we've all been new at some point =)
That indeed looks like something else than views_accordion.
In general, if you see a 500 error the first thing I'd do is check the server logs, on linux generally this lives in /
var/log/apache2/error.log
or similar file name - you'll probably see something like a PHP fatal error in there which will tell you which file is causing the error.I suggest you first have a look at that, it will probably tell you where the problem is coming from.
Comment #7
lockek CreditAttribution: lockek commentedThanks, Manuel. I will look into the logs and report back.
Comment #8
lockek CreditAttribution: lockek commentedI took a look at the error log and it confirmed my hunch that the content was being blocked for potential SQL injection. I can see that the error comes from the editor that I posted a screenshot of, which makes sense.
I'm thinking the new environment has more protections in place and this isn't a bug with any module. I intend to build an error page with our site branding so the form can fail a bit more gracefully.
Comment #9
Manuel Garcia CreditAttribution: Manuel Garcia as a volunteer commentedUpdating this issue for clarity, since its not a bug with the module.
Thanks @lockek for the info!
Comment #10
lockek CreditAttribution: lockek commentedYou're welcome, Manuel. Thank you very much for the help!